226 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
226 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
227 \begin{frame}[c] |
227 \begin{frame}[c] |
228 \frametitle{Behind the Scenes} |
228 \frametitle{Behind the Scenes} |
229 |
229 |
230 \only<2->{ |
230 \only<2->{ |
231 \begin{textblock}{7}(1,1) |
231 \begin{textblock}{7}(1,0.6) |
232 \begin{bubble}[6.8cm] |
232 \begin{bubble}[6.8cm] |
233 \footnotesize |
233 \footnotesize |
234 \lstinputlisting[language=C,xleftmargin=5mm]{../progs/example1.c} |
234 \lstinputlisting[language=C, |
|
235 xleftmargin=5mm, |
|
236 belowskip=-1mm, |
|
237 aboveskip=-1mm]{../progs/example1.c} |
235 \end{bubble} |
238 \end{bubble} |
236 \end{textblock}} |
239 \end{textblock}} |
237 |
240 |
238 \only<2>{ |
241 \only<2>{ |
239 \begin{textblock}{7}(5,8) |
242 \begin{textblock}{7}(0.5,6.6) |
240 \footnotesize |
243 \footnotesize |
241 \lstinputlisting[language={[x86masm]Assembler},morekeywords={movl},xleftmargin=5mm,numbers=none]{../progs/example1a.s} |
244 \lstinputlisting[language={[x86masm]Assembler},morekeywords={movl},xleftmargin=5mm,numbers=none]{../progs/example1a.s} |
242 \end{textblock}} |
245 \end{textblock}} |
243 |
246 |
244 \only<3>{ |
247 \only<3>{ |
245 \begin{textblock}{7}(5,8) |
248 \begin{textblock}{7}(0.5,6.6) |
246 \footnotesize |
249 \footnotesize |
247 \lstinputlisting[language={[x86masm]Assembler},morekeywords={movl,movw},xleftmargin=5mm,numbers=none]{../progs/example1b.s} |
250 \lstinputlisting[language={[x86masm]Assembler},morekeywords={movl,movw},xleftmargin=5mm,numbers=none]{../progs/example1b.s} |
248 \end{textblock}} |
251 \end{textblock}} |
249 |
252 |
250 \end{frame} |
253 \end{frame} |
276 \draw[line width=1mm] (-1,6) -- (1,6); |
279 \draw[line width=1mm] (-1,6) -- (1,6); |
277 \draw (2,5.1) node[anchor=south] {\code{$esp}}; |
280 \draw (2,5.1) node[anchor=south] {\code{$esp}}; |
278 \draw[<-,line width=0.5mm] (1.1,6) -- (2.5,6); |
281 \draw[<-,line width=0.5mm] (1.1,6) -- (2.5,6); |
279 |
282 |
280 \draw[->,line width=0.5mm] (1,4.5) -- (1.8,4.5); |
283 \draw[->,line width=0.5mm] (1,4.5) -- (1.8,4.5); |
281 \draw (2.5,4.1) node[anchor=south] {\code{??}}; |
284 \draw (2.5,4.1) node[anchor=south] {\code{BBBB}}; |
282 |
285 |
283 \draw[->,line width=0.5mm] (1,3.5) -- (2.5,3.5); |
286 \draw[->,line width=0.5mm] (1,3.5) -- (2.5,3.5); |
284 \draw (2.6,3.1) node[anchor=south west] {\tt jump to \code{\\x080483f4}}; |
287 \draw (2.6,3.1) node[anchor=south west] {\tt jump to \code{\\x080483f4}}; |
285 \end{tikzpicture} |
288 \end{tikzpicture} |
286 \end{textblock} |
289 \end{textblock} |
407 \end{frame} |
410 \end{frame} |
408 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
411 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
409 |
412 |
410 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
413 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
411 \begin{frame}[c] |
414 \begin{frame}[c] |
412 \frametitle{\begin{tabular}{c}Protections against\\ Buffer Overflow Attacks\end{tabular}} |
415 \frametitle{\begin{tabular}{c} |
|
416 Protections against\\ |
|
417 Buffer Overflow Attacks |
|
418 \end{tabular}} |
413 |
419 |
414 \begin{itemize} |
420 \begin{itemize} |
415 \item use safe library functions |
421 \item use safe library functions |
416 \item stack canaries |
422 \item stack canaries |
417 \item ensure stack data is not executable (can be defeated) |
423 \item ensure stack data is not executable (can be defeated) |
419 \item choice of programming language (one of the selling points of Java) |
425 \item choice of programming language (one of the selling points of Java) |
420 \end{itemize} |
426 \end{itemize} |
421 |
427 |
422 \only<2>{ |
428 \only<2>{ |
423 \begin{textblock}{7}(6,1) |
429 \begin{textblock}{7}(6,1) |
424 \begin{bubble}[5cm] |
430 \begin{bubble}[5.5cm] |
425 \begin{tabular}{cp{2cm}} |
431 \begin{tabular}{cp{2.9cm}} |
426 \begin{tikzpicture}[baseline=40mm,scale=0.8] |
432 \begin{tikzpicture}[baseline=40mm,scale=0.8] |
427 %\draw[step=1cm] (-3,-1) grid (3,8); |
433 %\draw[step=1cm] (-3,-1) grid (3,8); |
428 \draw[gray!20,fill=gray!20] (-1, 0) rectangle (1,-1); |
434 \draw[gray!20,fill=gray!20] (-1, 0) rectangle (1,-1); |
429 \draw[line width=1mm] (-1,-1.2) -- (-1,7.4); |
435 \draw[line width=1mm] (-1,-1.2) -- (-1,7.4); |
430 \draw[line width=1mm] ( 1,-1.2) -- ( 1,7.4); |
436 \draw[line width=1mm] ( 1,-1.2) -- ( 1,7.4); |
443 \draw (0,5) node[anchor=south] {\tt\small\alert{\textbf{random}}}; |
449 \draw (0,5) node[anchor=south] {\tt\small\alert{\textbf{random}}}; |
444 \draw[line width=1mm] (-1,6) -- (1,6); |
450 \draw[line width=1mm] (-1,6) -- (1,6); |
445 \draw (0,6) node[anchor=south] {\tt buf}; |
451 \draw (0,6) node[anchor=south] {\tt buf}; |
446 \draw[line width=1mm] (-1,7) -- (1,7); |
452 \draw[line width=1mm] (-1,7) -- (1,7); |
447 \end{tikzpicture} & |
453 \end{tikzpicture} & |
448 canary: a random value after the local variables |
454 \raggedright stack canary: a random value after the local variables |
449 \end{tabular} |
455 \end{tabular} |
450 \end{bubble} |
456 \end{bubble} |
451 \end{textblock}} |
457 \end{textblock}} |
452 |
458 |
453 |
459 |
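Review bot: The reworded bubble text on the "Protections against Buffer Overflow Attacks" slide, `\raggedright stack canary: a random value after the local variables`, says where the canary sits but not what it guards or when it is verified, which is what explains why an overflow of `buf` gets detected. I would spell that out, e.g. `\raggedright stack canary: a random value between the local variables and the return address, checked before the function returns`; the widened `p{2.9cm}` column may need a further adjustment to fit the longer text. The diagram lines between the stack outline and the `random` label are not shown and the frame ends outside the visible lines, so the return-address cell in the picture is assumed rather than seen.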